CISA, Partners Issue New Guidance to Help Organizations Reduce Memory Safety Vulnerabilities

The Cybersecurity and Infrastructure Security Agency has published new guidance to support organizations’ efforts to address memory safety risks in open-source software, or OSS, projects.

Titled “Exploring Memory Safety in Critical Open Source Projects,” the document is also intended to help software manufacturers formulate road maps and plans to address memory safety in external dependencies, which typically include OSS, CISA said Wednesday.

The guide is in line with the 2023 National Cybersecurity Strategy in its aim to invest in memory-safe programming languages and work with the open-source community in establishing an interagency Open Source Software Security Initiative.

Co-developed with the FBI, the Australian Cyber Security Centre and the Canadian Cyber Security Center, the guidance builds on “The Case for Memory Safe Road Maps” publication, which reported in December 2023 that memory safety vulnerabilities are among the most prevalent types of software security problems.

The new cybersecurity guidance contains methodologies and results that organizations and software manufacturers must study to help them reduce memory safety vulnerabilities and make secure and informed choices.

The publication will also enable organizations to better understand the memory-unsafety risk in OSS and assess strategies to reduce such threats.